November 25, 2003

How Safe Is Your E-mail?

Between the passage of the controversial PATRIOT Act and the threat of RIAA subpoenas, students are increasingly concerned about their rights to privacy. An article on Salon.com states that the University of New Hampshire monitored a private mailing list and shut down a protest with the information they culled from it, while the University of Wyoming has begun testing software that could eventually track every file that passes through its network.

Exactly how “private” a schools’ networks should — and can — be is becoming a topic debated heatedly. “The argument, ‘Don’t worry, we’re not going to invade your privacy’ is woefully inadequate,'” says Matt Gewolb ’04, founder of the Cornell Freedom Project.

“Students should feel very good [about their privacy on CIT systems], because of [Cornell Information Technology]’s policy and procedures [that] protect access to their e-mail on CIT systems,” Mitrano said. “[Students’] mail is not always restricted to CIT systems, however, and there is no university policy on access to e-mail.”

“The total picture is one of very carefully crafted policy and implementation procedures,” she continued.

This picture is one that is made up of a series of protocol implemented to ensure that private information remains so, barring what Mitrano refers to as “compulsory legal papers” and emergency situations.

Cornell’s Information Technology Rights and Responsibilities states, “Cornell does not monitor or censor e-mail.” Every policy change, including the recently-implemented PureMessage software package, takes this into careful considerations.

PureMessage scans incoming messages for viruses and then tries to guess at whether the e-mail is spam, or junk e-mail, by using an automatic “scorecard.”

“While the software package scans incoming messages and applies a set of heuristics to identify the likelihood that a message may be spam, no person is actually involved in that determination — thus not true monitoring is occurring,” said Rick MacDonald ’71, director of systems and operations at CIT. “No one looks at any portion of the quarantined mail,” he continued.

There are, however, strict circumstances under which the University will look at mail.

“Certainly we will comply with all compulsory legal papers received by the University and accordingly reviewed by University legal counsel,” Mitrano said. “[However,] CIT is absolutely not proactively monitoring its network looking for illegal activities.”

Aside from legal necessity, the University only reads e-mail or internet logs in emergency situations with the permission of the appropriate vice president of the student, according to Mitrano.

“We have sometimes been asked to monitor content without appropriate cause, for example by the RIAA to enforce their copyrights, or even in the case of the stray individual who calls and asks if they could check their ex-boyfriend’s mail to see if he is dating someone new … but in every case, where there is not appropriate cause such as a bona fide emergency or compulsory legal paper or permission by the vice president of students … these requests are unequivocally and unilaterally denied. We simply don’t do it,” she said.

Gewolb says this policy doesn’t go far enough in protecting student privacy. “E-mail privacy is pretty simple. It shouldn’t be read by administrators or third parties, period,” he said.

“It’s in black and white [on their policy website]: they can tell which kind of websites you’ve been visiting. What business is it of the university to monitor our internet usage, read our e-mail, and invade student privacy?” he continued.

Gewolb was referencing Cornell’s “Data Access and Retention” paper, which states that CIT keeps router transaction logs for approximately six months, which are used for “troubleshooting, capacity planning, security investigations, cost allocation,” according to the paper. E-mails sent over Cornell servers are stored for seven days, the paper continues.

Gewolb said that these logs should not be kept at all. Mitrano countered that “University business functions could not operate without back up operations, netflow logs, and other supporting documentation … It is simply not reasonable to purge all logging information.”

Despite their fundamental disagreements, both Mitrano and Gewolb hope to see changes in the University’s policy.

“Explicit policy and procedure about the handling of e-mail exists to protect mail that goes through CIT systems. But there is no university policy explicitly stating the policies and procedure about the handling of mail throughout the whole university … it is on balance better to have a policy on matters such as these not only to make the practices uniform, but to instill a sense of trust throughout the community.”

To these ends, CIT is sponsoring an “Access to Electronic Mail” policy that would extend CIT’s policies — or others drafted — across the entire university. “We hope that the rest of the University will assist us in crafting, and promulgating, this important policy.”

Gewolb says that CIT needs to seriously reconsider its current stance, however: “There needs to be a complete overhaul, with student input and mechanisms in place to ensure the university isn’t reading our private communications … I don’t care if it’s [President] Jeffrey Lehman approving some action, Cornell shouldn’t be reading my e-mail.”

This is the "wpengine" admin user that our staff uses to gain access to your admin area to provide support and troubleshooting. It can only be accessed by a button in our secure log that auto generates a password and dumps that password after the staff member has logged in. We have taken extreme measures to ensure that our own user is not going to be misused to harm any of our clients sites.

Related

BYOB has been the word on many Cornellian’s lips since September, when the Multicultural Greek Letter Council joined the Interfraternity Council and the Panhellenic Association in voting to make Cornell a bring-your-own-beverage campus. The policy has weathered stress in the past two months, as members of the Cornell University Police Department, the administration and representatives of the Greek system have attempted to cope with the loss of the only caterer available and the unwillingness of the New York State Liquor Authority to issue permits to caterers with a poor track record. “The BYOB policy was instituted this fall so that chapters would have a way to hold relatively small parties without having to hire a caterer to serve alcohol,” said Timothy Marchell, director of alcohol policy initiatives at Gannett: Cornell University Health Services. “After the BYOB policy started, the only active caterer lost its liquor license due to violations. So that leaves chapters with few options.” At its introduction, the BYOB policy seemed to be an answer to the problem of the small party. While some fraternities were able to finance the high costs of catering parties, many were unable to — often leading to underground and illegal gatherings. “The students probably have one perspective as to why [BYOB] was originally needed,” said Susan Murphy ’73, vice president of student and academic services. “From where I sit, we were seeing a monopoly. The caterers were charging high fees so frats were saying ‘if you want us to have small parties there needs to be another way.’ We wanted to provide an incentive and structure in which fraternities could register their parties where they had been doing so underground and to establish consequences for violations.” “BYOB overall has been a step forward; however, it’s not without its challenges. We’re working on the glitches and that’s going to take a little more time and understanding [of] social policy,” said Michael Taylor ’05, IFC vice president of University and community relations. “It got a lot more stress put on it after the one [remaining] catering company got taken out. Now the only way anyone can have a party is through BYOB.” By passing the BYOB policy, Cornell joined many other schools around the country, including the University of Pennsylvania and Syracuse University, which also require partygoers to bring their own beverages. “I think we have a good chance of keeping the policy because its main focus is to get rid of hard liquor and kegs from parties, keeping beer, wine, wine coolers and other bottled malt beverages to make parties safer,” said Paul El-Meouchy ’04, president of the IFC. “Chapters were doing these kinds of parties last year underground and when they got caught they would get in trouble. We felt it would be more beneficial to legalize these parties in our system by ensuring a safety control on these events.” El-Meouchy added that the policy seems to have helped in that respect. “I can tell you that we have seen a significant decrease, by three fold, in the number of judicial cases, which is great. The chapters do know what is expected of them, the most important [components are] not having hundreds of hundreds of people at their parties, no kegs and no hard liquor,” El-Meouchy said. “The chapters that don’t register their events or break one of the above expectations get a pretty hefty sanction and it has been administered to a few.” As it stands though, BYOB is the only policy available to partygoers. “[Chapters] can hold a BYOB event, have their event in a licensed establishment, or find a licensed and insured caterer who can get a permit from the State Liquor Authority to do the event in a fraternity. However, those caterers are in very short supply, if they are available at all,” Marchell said. The lack of options has created a pressing need for members of the IFC, Panhel and MGLC and the CUPD to work together so that the policy will not be compromised, as it enables more safety at parties. CUPD Lt. Mike Musci has been meeting every two weeks with Leo Pedraza, assistant dean of fraternity and sorority affairs, to asses the situation. “Many fraternities are dependent on social events for recruitment events and our job at the office is to show them how they can be successful without these parties, show them that there are positive ways to bring in new members, and to disassociate this view of big parties and successful recruitment,” Pedraza said. The Alumni Interfraternity Council, which meets three times a year — most recently at Homecoming — has devoted a subcommittee to brainstorm ideas and suggestions for action next semester. “The concern of the Fraternity-Sorority Advisory Council, [a separate organization that is also dealing with BYOB] was that if you’re having a party with five hundred or more people it’s going to be impossible to handle,” Murphy said. “I hope we can find a way that we can continue some form of a third party catering system. At this point we’re looking into other caterers and figuring out how we can try to enable this to happen.” “The [Liquor Authority] wants Cornell to find a reputable caterer that will do its job,” El-Meouchy said. “I would like to see catering come back because they are what allow the chapters to throw a large scale event and to serve other stuff than beer and wine. We are still working on our plan of action in that regard and I think a solution will come soon.” Both Marchell and Musci confirmed that efforts are being made to identify outside security agencies, such as Chestnut Street Security — used by Colgate and Syracuse Universities — and figure out what role they might be able to play at BYOB events. Archived article by Logan Bromer

“It’s all about learning how to win,” said head coach Steve Donahue. Sometimes it takes a little more than out-hustling or out shooting your opponent; it takes stepping up just a little more at just the right time. The men’s basketball lost a tough overtime battle to Colgate, 84-77, last night at Newman Arena after the Raiders stopped Cornell’s second half rally just in time to earn an extra period. The Red held the Colgate scoreless for the first two and a half minutes of overtime, but then Raiders sophomore guard Alvin Reed hit a three with 2:10 left, and teammate Andrew Zidar added a lay-up to put the Colgate up by five. The Raiders iced the game at the line, shooting eight-for-eight in the last minute, as the Cornell tried to get a scoring opportunity. “Momentum had been big the whole game,” noted junior forward Gabe Stephenson. Cornell missed a couple easy baskets early in OT, and they proved to be the team’s undoing. “We got up tight and just started pressing a bit,” said Stephenson. Coming into halftime, the score stood at 30-39, with the Red facing a nine-point deficit. But, the team came out with some fire, battling back. Led by Stephenson and junior co-captain Eric Taylor, Cornell started working the defensive boards and getting points inside. Taylor scored 11 of his 13 points in the second, while Stephenson exploded for seven rebounds and 12 points in the period; he finished with 17 points and 12 boards — six offensive and six defensive — leading the team in each category. The point and rebound totals were all career highs for Stephenson. The play of the big men inside helped junior Cody Toppert get some open looks, allowing him to score 14, including 12 points from beyond the arc. With that, the Red was in business. “We came back real well in the second half,” said Stephenson. After working its way back at the beginning of the second, Toppert nailed a three with 8:48 left. That shot sparked a three-minute long, 12-4 run by the Red that put the team on top with 5:49 to go. Cornell battled the Raiders back and forth the rest of the game until Taylor powered in a basket for two in the paint, drawing a foul and leaving the score at 68-69 in favor of Colgate. Taylor nailed the free throw to tie the game, and both teams went scoreless over the last 1:54 to send the game into overtime. In the locker room at halftime, Donahue said he just told his players to keep with the defense and the rebounding, and win the game four minutes at a time. “I knew we’d play well in the second half,” said the coach. The team responded to his message, executing its plan and giving itself a chance for the victory. “I thought we went toe to toe at the end,” said Donahue. The second half made up for a lackluster first in which the team gave up easy points early on, putting itself at a 2-10 deficit early on. “We just didn’t play a good first half,” said Stephenson. “We didn’t come out ready to play.” The Red shot 30.3 percent from the floor to Colgate’s 41.7 percent, and the Raiders outrebounded Cornell,, 20-10, on the defensive end. By the end of the second, those numbers had nearly reversed, with Cornell hauling in 13 balls to the Raiders’ five and holding Colgate to zero offensive boards. “I thought we were very inconsistent in our approach,” said Donahue about the game as a whole. “I thought physically we did all right, but we were real impatient on the offensive end.” The coach did note that he was pleased with the team’s second-half play though. At halftime, Stephenson said the team’s veterans got together to talk. “We had a little discussion about our last game in Australia,” he said. In that game the Red came back from a 20 points down at halftime to earn a victory. This time, the Red almost did it against some competition back home. “We are a different team than in past years,” said Stephenson. Archived article by Matt James